hurl VS mitmproxy

I tried Hurl after Insomnia went the way of Postman. The highlights you list were the strong drivers for testing it out. Where Hurl fell short was composing requests. Example: X.hurl response has authToken. Y.hurl uses authToken. Z.hurl uses authToken. There's no import ability[1], so you've got to use other tooling to copy X.hurl into Y.hurl and Z.hurl.

Ultimately settled on Bruno. It's backed by readable text files[2] as well. The CLI works for scripting. And the GUI is familiar enough that I've managed to convert Postman holdouts at my dayjob.

[1]: https://github.com/Orange-OpenSource/hurl/issues/1723

[2]: https://docs.usebruno.com/bru-language-samples.html

I haven't used it myself, but maybe something like Hurl? It's not a GUI like Postman though

No, you got what's you write. If you want, you can see the run curl's command, save it in a script and replay it without Hurl. You can check the source code here [1]

[1]: https://github.com/Orange-OpenSource/hurl

You might check out hurl for a RestAPI tool replacement. There is also a vim plugin for it, although I have not used it. Someone already mentioned dadbod (which I think works great on its own), but if you are curious there is also a plugin to add a UI on top of it.

just write a simple frontend on top of https://github.com/Orange-OpenSource/hurl

We've a more "classic" changelog in GitHub [1], I see the blog post as an editorial view of the changelog: highlights of main features/changes with some context.

[1] https://github.com/Orange-OpenSource/hurl/releases/tag/4.0.0

I must say that the name is already taken by another tool language https://github.com/Orange-OpenSource/hurl which is a very good idea(similar to httpYac)

GitHub: https://github.com/Orange-OpenSource/hurl

That's why we have hurl

This statement gives a false sense of security. You can use a transparent proxy, like mitmproxy, to view HTTPS traffic - https://mitmproxy.org/. https://reedmideke.github.io/networking/2021/01/04/mitmproxy-openwrt.html

You'll need to install mitmproxy and set it up on your computer and iOS. I won't go into too much detail here on how to do this, but there are plenty of guides available. This is a pretty good one: https://nadav.ca/2021/02/26/inspecting-an-iphone-s-https-traffic/

TIL this goes back to 2006, how cool! We nowadays have a much simpler version as a mitmproxy example: https://github.com/mitmproxy/mitmproxy/blob/main/examples/ad.... Although it obviously does not work as well anymore with everything being HTTPS nowadays (unless you trust the cert of course). :)

Perhaps you could have your device use a proxy that can do the HTTPS unwrap for you? https://mitmproxy.org/ maybe?

A great way to test the effectiveness of a pinning implementation is by simulating an MITM attack. Tools like Mitmproxy or Wireshack allow us to create a test environment to monitor, intercept, and proxy network requests for a test host.